Twitter detected unusual access patterns that led it to identify unauthorized attempts to access the social network's user data, Bob Lord, Twitter manager of network security and infrastructure, wrote in a Twitter blog posted Feb. 1. Twitter said it discovered one live attack and shut it down almost immediately. But its investigation has indicated that the attackers may have had access to limited user information - usernames, e-mail addresses, session tokens and encrypted/salted versions of passwords - for some 250,000 users.

"As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts," Lord said.

Twitter's network security and infrastructure manager wrote that the attack was neither the work of amateurs, nor an isolated incident. "The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked," Lord said. "For that reason, we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users."

Also on Feb. 1, a Washington Post article said the Post website had been victimized by a sophisticated, targeted cyberattack in an operation that resembled intrusions against The New York Times and Wall Street Journal, and that company officials suspect was the work of Chinese hackers [see N.Y. Times' Transparent Hack Response].

"Like other companies in the news recently, we face cybersecurity threats," Post spokeswoman Kris Coratti said. "In this case, we worked with [security company] Mandiant to detect, investigate and remediate the situation promptly at the end of 2011. We have a number of security measures in place to guard against cyberattacks on an ongoing basis."

About the Author

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
